Synthesis of the vulnerability

An attacker can trigger memory corruption via the IE Scriptscan COM object of McAfee VirusScan Enterprise, in order to cause a denial of service, and possibly to run code.

Impacted products: VirusScan.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/04/2017.
Identifiers: CVE-2016-8030, SB10194, VIGILANCE-VUL-22423.

Description of the vulnerability

An attacker can trigger memory corruption via the IE Scriptscan COM object of McAfee VirusScan Enterprise, in order to cause a denial of service, and possibly to run code.

Synthesis of the vulnerability

An attacker can trigger memory corruption via scriptproxy of McAfee VirusScan Enterprise for Windows, in order to cause a denial of service, and possibly to run code.

Impacted products: VirusScan.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 14/12/2016.
Revision date: 13/02/2017.
Identifiers: VIGILANCE-VUL-21380, VU#535111.

Description of the vulnerability

An attacker can trigger memory corruption via scriptproxy of McAfee VirusScan Enterprise for Windows, in order to cause a denial of service, and possibly to run code.

McAfee VirusScan Enterprise: unlocking console

Synthesis of the vulnerability

A local attacker can bypass the password protection of the McAfee VirusScan Enterprise console, in order to alter the product configuration.

Impacted products: VirusScan.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: privileged shell.
Creation date: 04/05/2016.
Identifiers: CVE-2016-4534, SB10158, VIGILANCE-VUL-19520.

Description of the vulnerability

The McAfee VirusScan Enterprise product has a console protected by a password.

However, a local attacker can close handles of mcconsole.exe, to unlock the console.

A local attacker can therefore bypass the password protection of the McAfee VirusScan Enterprise console, in order to alter the product configuration.

Description of the vulnerability

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC address family is used in the getaddrinfo() call, two DNS queries (A and AAAA) are sent simultaneously. However, this special case, and a case with AF_INET6, are not handled correctly, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker who owns a malicious DNS server can therefore reply with large data to a client application using the glibc getaddrinfo() function, in order to trigger a denial of service, and possibly to run code in the client application.